9816 matches found
Jenkins Script-Console Java Execution Vulnerability
Exploit for multiple platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
Polycom Command Shell Authorization Bypass
The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prom...
Linksys WRT54GL 1.1 XSS / OS Command Injection
Device Name: Linksys WRT54GL v1.1 Vendor: Linksys/Cisco ============ Vulnerable Firmware Releases: ============ Firmware Version: 4.30.15 build 2, 01/20/2011 ============ Device Description: ============ The Router lets you access the Internet via a wireless connection, broadcast at up to 54 Mbps...
Linksys WRT54GL Firmware 4.30.15 build 2 - Multiple Vulnerabilities
Linksys WRT54GL Firmware 4.30.15 build 2 - Multiple Vulnerabilities Device Name: Linksys WRT54GL v1.1 Vendor: Linksys/Cisco ============ Vulnerable Firmware Releases: ============ Firmware Version: 4.30.15 build 2, 01/20/2011 ============ Device Description: ============ The Router lets you acces...
Jenkins CI Script Console - Command Execution (Metasploit)
Jenkins CI Script Console - Command Execution Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
Jenkins CI Script Console - Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Jenkins...
MS System Center Operations Manager XSS Vulnerabilities (2748552)
This host is missing an important security update according to Microsoft Bulletin MS13-003. OpenVAS Vulnerability Test $Id: secpodms13-003.nasl 6520 2017-07-04 14:28:49Z cfischer $ MS System Center Operations Manager XSS Vulnerabilities 2748552 Authors: Rachana Shetty Copyright: Copyright c 2013...
PT-2025-31694 · NetGear · Netgear Routers
Name of the Vulnerable Software and Affected Versions: Netgear routers versions prior to 1.0.0.36 Description: An authenticated OS command injection vulnerability exists in Netgear routers. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the ppoe...
PT-2025-31685 · D Link · D-Link Dir-300 Rev B +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-300 rev B versions prior to firmware 2.14b01 D-Link DIR-600 versions prior to firmware 2.14b01 D-Link DIR-600 versions prior to firmware 2.13 Description: An OS command injection vulnerability exists in various legacy D-Link router...
Smartphone Pentest Framework 0.1.3 / 0.1.4 Command Injection
Smartphone Pentest Framework SPF versions 0.1.3 and 0.1.4 suffer from an OS command injection vulnerability. Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 201...
D-Link DSL2730U router restricted telnet shell command whitelisting bypass
Overview D-Link DSL2730U routers contain a restricted telnet shell with limited allowed commands. An authenticated attacker can chain unauthorized commands through authorized commands in order to bypass the command whitelisting. Description CWE-78: Improper Neutralization of Special Elements used...
Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework
Advisory ID: HTB23127 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 2012 Public Disclosure: December 10, 2012 Vulnerability Type: OS Command Injection CWE-78...
Smartphone Pentest Framework 0.1.3 / 0.1.4 Command Injection
Advisory ID: HTB23127 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 2012 Public Disclosure: December 10, 2012 Vulnerability Type: OS Command Injection CWE-78...
Nagios XI Network Monitor Graph Explorer Component Command Injection
Exploit for unix platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Nagios XI Network Monitor Graph Explorer Component Command Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Nagios XI Network...
Nagios XI Network Monitor 2011R1.9 OS Command Injection
======= Summary ======= Name: Nagios XI Network Monitor - OS Command Injection Release Date: 30 November 2012 Reference: NGS00196 Discoverer: Daniel Compton Vendor: Nagios Vendor Reference: 0000283 Systems Affected: Nagios XI Network Monitor 2011R1.9 Risk: High Status: Published ======== TimeLine...
SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXEC Function Command Injection
This module makes use of the SXPGCOMMANDEXEC Remote Function Call, through the use of the /sap/bc/soap/rfc SOAP service, to inject and execute OS commands. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module i...
Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)
Advisory ID: HTB23123 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: v0.1.2 and probably prior Tested Version: v0.1.2 Vendor Notification: October 24, 2012 Public Disclosure: November 14, 2012 Vulnerability Type: OS Command Injection CWE-78, SQL Injection...
SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Injection
This module makes use of the SXPGCALLSYSTEM Remote Function Call, through the use of the /sap/bc/soap/rfc SOAP service, to inject and execute OS commands. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is...
PT-2025-31693 · D Link · Dlink Router
Name of the Vulnerable Software and Affected Versions: D-Link routers version 8.04 Description: An authenticated OS command injection vulnerability exists via the tools vct.htm endpoint. The web interface fails to sanitize input passed from the ping ipaddr parameter to the tools vct.htm diagnosti...